osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Typo-squatting PyPi


In case you haven't heard about this:

https://developers.slashdot.org/story/17/09/16/2030229/pythons-official-repository-included-10-malicious-typo-squatting-modules

Here is the Slashdot summary:

| The Slovak National Security Office (NBU) has identified ten malicious
| Python libraries uploaded on PyPI -- Python Package Index -- the
| official third-party software repository for the Python programming
| language. NBU experts say attackers used a technique known as
| typosquatting to upload Python libraries with names similar to
| legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI
| repository does not perform any types of security checks or audits
| when developers upload new libraries to its index, so attackers had no
| difficulty in uploading the modules online.
| 
| Developers who mistyped the package name loaded the malicious
| libraries in their software's setup scripts. "These packages contain
| the exact same code as their upstream package thus their functionality
| is the same, but the installation script, setup.py, is modified to
| include a malicious (but relatively benign) code," NBU explained.
| Experts say the malicious code only collected information on infected
| hosts, such as name and version of the fake package, the username of
| the user who installed the package, and the user's computer hostname.
| Collected data, which looked like "Y:urllib-1.21.1 admin testmachine",
| was uploaded to a Chinese IP address. NBU officials contacted PyPI
| administrators last week who removed the packages before officials
| published a security advisory on Saturday."

-- Alain.